#
ec2bfb7d |
| 10-Dec-2020 |
Dr. David von Oheimb |
apps/{req,x509,ca}.c Make sure certs have SKID and AKID X.509 extensions by default Fixes #13603 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.co
apps/{req,x509,ca}.c Make sure certs have SKID and AKID X.509 extensions by default Fixes #13603 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13658)
show more ...
|
#
9e49aff2 |
| 09-Nov-2020 |
Nicola Tuveri |
Add SM2 private key range validation According to the relevant standards, the valid range for SM2 private keys is [1, n-1), where n is the order of the curve generator. For this
Add SM2 private key range validation According to the relevant standards, the valid range for SM2 private keys is [1, n-1), where n is the order of the curve generator. For this reason we cannot reuse the EC validation function as it is, and we introduce a new internal function `sm2_key_private_check()`. Partially fixes https://github.com/openssl/openssl/issues/8435 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13359)
show more ...
|
#
ed37336b |
| 09-Nov-2020 |
Nicola Tuveri |
[apps/pkey] Return error on failed `-[pub]check` Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13359)
|
#
1c47539a |
| 19-Oct-2020 |
Otto Hollmann |
Add a CHANGES entry for ignore unknown ciphers in set_ciphersuites. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https:
Add a CHANGES entry for ignore unknown ciphers in set_ciphersuites. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12100)
show more ...
|
#
a86add03 |
| 07-Jan-2021 |
Matt Caswell |
Prepare for 3.0 alpha 11 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
|
#
cae118f9 |
| 07-Jan-2021 |
Matt Caswell |
Prepare for release of 3.0 alpha 10 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
|
#
ea780814 |
| 21-Oct-2020 |
Pauli |
dsa: add additional deprecated functions to CHANGES entry. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://g
dsa: add additional deprecated functions to CHANGES entry. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13638)
show more ...
|
#
a08489e2 |
| 11-Dec-2020 |
Dmitry Belyavskiy |
Documenting the options deprecating in CHANGES.md Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13669)
|
#
1e13198f |
| 08-Dec-2020 |
Matt Caswell |
Update CHANGES and NEWS for new release Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
af2f14ac |
| 20-Nov-2020 |
Richard Levitte |
ERR: Drop or deprecate dangerous or overly confusing functions ERR_get_error_line() is deprecated, and ERR_get_error_func() and ERR_get_error_data() are removed in favor of ERR_get_error
ERR: Drop or deprecate dangerous or overly confusing functions ERR_get_error_line() is deprecated, and ERR_get_error_func() and ERR_get_error_data() are removed in favor of ERR_get_error_all(), since they pop the error record, leaving the caller with only partial error record data and no way to get the rest if the wish. If it's desirable to retrieve data piecemeal, the caller should consider using the diverse ERR_peek functions and finish off with ERR_get_error(). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13466)
show more ...
|
#
59d7ad07 |
| 21-Oct-2020 |
Matt Caswell |
Updates the CHANGES.md entry regarding DH deprecation Extend the existing CHANGES.md entry with information about the additional functions that have also been deprecated. Review
Updates the CHANGES.md entry regarding DH deprecation Extend the existing CHANGES.md entry with information about the additional functions that have also been deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13138)
show more ...
|
#
e3197e5a |
| 26-Nov-2020 |
Matt Caswell |
Prepare for 3.0 alpha 10 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
|
#
68ec3d47 |
| 26-Nov-2020 |
Matt Caswell |
Prepare for release of 3.0 alpha 9 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
|
#
f5a46ed7 |
| 12-Nov-2020 |
Richard Levitte |
Modify the ERR init functions to use the internal ERR string loaders This deprecates all the ERR_load_ functions, and moves their definition to separate C source files that can easily be
Modify the ERR init functions to use the internal ERR string loaders This deprecates all the ERR_load_ functions, and moves their definition to separate C source files that can easily be removed when those functions are finally removed. This also reduces include/openssl/kdferr.h to include cryptoerr_legacy.h, moves the declaration of ERR_load_ERR_strings() from include/openssl/err.h to include/openssl/cryptoerr_legacy.h, and finally removes the declaration of ERR_load_DSO_strings(), which was entirely internal anyway. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13390)
show more ...
|
#
1b2a55ff |
| 23-Oct-2020 |
Matt Caswell |
Add a CHANGES.md entry for the "tmp_dh" functions/macros Describe the tmp_dh deprecations, and what applications should do instead. Reviewed-by: Richard Levitte <levitte@openssl.org
Add a CHANGES.md entry for the "tmp_dh" functions/macros Describe the tmp_dh deprecations, and what applications should do instead. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
show more ...
|
#
a18cf8fc |
| 12-Nov-2020 |
Rich Salz |
Remove -C option from x509 command Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pu
Remove -C option from x509 command Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13384)
show more ...
|
#
1696b890 |
| 11-Nov-2020 |
Rich Salz |
Remove -C from dhparam,dsaparam,ecparam Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/opens
Remove -C from dhparam,dsaparam,ecparam Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13384)
show more ...
|
#
c87a7f31 |
| 04-Nov-2020 |
Pauli |
apps/passwd: remove the -crypt option. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl
apps/passwd: remove the -crypt option. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13313)
show more ...
|
#
0e071fbc |
| 04-Nov-2020 |
David von Oheimb |
CHANGES.md: Mention (strict) checks recently added to X509_verify_cert() Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13312)
|
#
ecabd006 |
| 05-Nov-2020 |
Matt Caswell |
Prepare for 3.0 alpha 9 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
|
#
20d7295c |
| 05-Nov-2020 |
Matt Caswell |
Prepare for release of 3.0 alpha 8 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
|
#
9750b4d3 |
| 29-Oct-2020 |
Randall S. Becker |
Moved OPENSSL_fork_prepare,_parent,_child from init.c to threads_pthread.c. These methods should ultimately be deprecated. The move is to insulate non-UNIX platforms from these undefined
Moved OPENSSL_fork_prepare,_parent,_child from init.c to threads_pthread.c. These methods should ultimately be deprecated. The move is to insulate non-UNIX platforms from these undefined symbols. CLA: Permission is granted by the author to the OpenSSL team to use these modifications. Fixes #13273 Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13276)
show more ...
|
#
8ea761bf |
| 29-Oct-2020 |
Shane Lontis |
Add AES KW inverse ciphers to the EVP layer Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13272)
|
#
0a737e16 |
| 09-Oct-2020 |
Matt Caswell |
Deprecate EVP_PKEY_set1_tls_encodedpoint() Also deprecate EVP_PKEY_get1_tls_encodedpoint(). The preferred alternative is EVP_PKEY_set1_encoded_public_key() and EVP_PKEY_get1_enc
Deprecate EVP_PKEY_set1_tls_encodedpoint() Also deprecate EVP_PKEY_get1_tls_encodedpoint(). The preferred alternative is EVP_PKEY_set1_encoded_public_key() and EVP_PKEY_get1_encoded_public_key(). Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13105)
show more ...
|
#
372e72b1 |
| 15-Oct-2020 |
Matt Caswell |
Add a CHANGES entry for the SSL_SECOP_TMP_DH change Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Ben Kaduk <kaduk@mit.
Add a CHANGES entry for the SSL_SECOP_TMP_DH change Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13136)
show more ...
|